Redirection to the NAS of an external CoA request

Alan DeKok aland at
Mon Jul 19 21:30:30 CEST 2010

newtownz wrote:
> I'm trying to figure out how to send a CoA from freeRadius
> to the NAS.  The set-up I have involves two servers and an 
> Aruba controller.  

  i.e. proxying CoA packets through FreeRADIUS to the NAS.

  While this should work, it's not a deeply tested scenario.

>  In this test set-up the client authenticates locally on the
> freeRadius server.  The server listen on port 3799 for a CoA request
> that is generated from another computer, the freeRadius accepts
> the request and sends a ACK to the generator but it does not
> send anything to the NAS, 

  Did you configure the server to proxy the CoA request?  Look for
"proxy" in raddb/sites-available/coa in 2.1.9.

> I tried to supply in the request a
> NAS-IP-Address attribute and also tried with Packet-Dst-IP-Address
> with no success. Also tried different things in CoA and Originate-CoA
> with the same results.

  Well.. the "coa" documents exactly what you need to do.  Trying random
*undocumented* things won't make it work.

> The goal I'm trying to reach is to supply the user-name in the
> CoA request that will force the client to silently reconnect and
> in the meantime I will have changed the Access-List accessible to
> the client.

  Use a Disconnect-Request packet to make the client disconnect.

> 1: Is it possible to send a CoA request to the freeRadius server
> and then have it relay the request to the Aruba controller?

  Yes.  This is called "proxying"

> 2: If it is possible what do I have to put in the configs file
> and where?

  This is documented.

  Alan DeKok.

More information about the Freeradius-Users mailing list